Note: The GitLab product did not use any of the compromised package versions mentioned in this post.
In the span of 12 days, four separate supply chain attacks revealed that continuous integration and continuous delivery (CI/CD) pipelines have become a high-value target for sophisticated threat actors.
Between March 19 and March 31, 2026, threat actors compromised:
- an open-source security scanne...
